Collaborate Disseminate
The list of notable 2016 data breaches is long and wacky. Cybercriminals compromised food delivery apps, FBI databases and seemingly everything in between.
The post Stranger Than Fiction? The Six Weirdest 2016 Data Breaches appeared first on Security Intelligence.
Continue reading Stranger Than Fiction? The Six Weirdest 2016 Data Breaches
Three UK, a telecom and ISP operating in the United Kingdom, has suffered a data breach. According to Three’s status report on the investigation, the attackers were able to access the company’s customer upgrade system by using login credentials of an employee, and their goal was to steal high-end smartphones. “Over the last four weeks Three has seen an increasing level of attempted handset fraud. This has been visible through higher levels of burglaries of … More → Continue reading Fraudsters accessed Three UK customer database with authorised credentials
I published the following diary on isc.sans.org: “Collecting Users Credentials from Locked Devices“. It’s a fact: When a device can be physically accessed, you may consider it as compromised. And if the device is properly hardened, it’s just a matter of time. The best hacks are the ones which use
[The post [SANS ISC Diary] Collecting Users Credentials from Locked Devices has been first published on /dev/random]
Continue reading [SANS ISC Diary] Collecting Users Credentials from Locked Devices
Remotely manage DNS servers using alternate credentials
read more Continue reading Manage remote DNS serves using alternate credentials
Data of some 200 million Yahoo users has been offered for sale on the TheRealDeal dark web market by “peace_of_mind” (aka “Peace”). Even though Yahoo is yet to confirm whether the batch actually contains their users’ data, chances are good that it does, as Peace has been selling huge batches of user data stolen from VK, Tumblr, iMesh and other online services, and those have been the real deal. This batch is being sold for … More → Continue reading Data of 200 million Yahoo users offered for sale
I’m building an oauth 2.0 protocol. I’m wondering how the refresh token works exactly.
My understanding is that the use of a refresh token enable short lived access token and therefore limits the vulnerability of those acces… Continue reading Where should I store a refresh token
Social media account takeovers have recently impacted some high-profile individuals and groups, but a few simple measures can greatly reduce this risk.
The post Account Takeovers: They Can Happen to Anyone appeared first on Security Intelligence.
Continue reading Account Takeovers: They Can Happen to Anyone
Social media account takeovers have recently impacted some high-profile individuals and groups, but a few simple measures can greatly reduce this risk.
The post Account Takeovers: They Can Happen to Anyone appeared first on Security Intelligence.
Continue reading Account Takeovers: They Can Happen to Anyone
We are currently whitelisting the hosts owned by our company on our Cisco switches to prevent private hosts in our network. This works pretty well but someone can still spoof the MAC address of his host.
Now we had the idea … Continue reading Identify malicous hosts in our network by sending valid domain credentials
We are currently whitelisting the hosts owned by our company on our Cisco switches to prevent private hosts in our network. This works pretty well but someone can still spoof the MAC address of his host.
Now we had the idea … Continue reading Identify malicious hosts in our network by sending valid domain credentials